Dear Virgin Media
I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently.
Virgin Media, can I please draw your attention to CESG’s recently published password guidance? It recommends:
Use a generation scheme designed for high memorability – such as:
- passphrases;
- 4 random dictionary words; or
- CVC-CVC-CVC style passwords (CVC = Consonant-Vowel-Consonant)
Sadly, with your system I cannot follow the advice of the national Technical Authority, as by design, the passwords are too long.
Can you please explain your unusual policy?
Best Regards
Colin Robbins, Long Serving Customer.
PS. At the same time, can you please indicate why you do not provide higher security options such as 2 step verification or 2 factor authentication (the blog Independent Factors will help you understand the difference)?